author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-09-23 17:52:39 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-09-23 17:52:39 +0000 |
commit | 92aec66a7ccdb1f38be566a4e553ff2600ec3363 (patch) | |
tree | d35f7fdd0ccbb2871d33904519241abf15d7fb00 /pki/base | |
parent | 2c6a3daedb8cbe4cdcbb98418cd068562ec45e00 (diff) | |
463343 - Server-side key generation failed on DRM with nethsm
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@112 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base')
-rw-r--r-- | pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java | 59 |
1 files changed, 53 insertions, 6 deletions
diff --git a/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index 59f3a0a55..4f41eac7d 100644
--- a/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -143,12 +143,57 @@ public class NetkeyKeygenService implements IService {
 CryptoToken token = mKRA.getKeygenToken();
- CMS.debug("NetkeyKeygenService: key pair is to be generated on slot: "+token.getName());
+ CMS.debug("NetkeyKeygenService: key pair is to be generated on slot: "+token.getName());
+
+ /*
+ make it temporary so can work with HSM
+ netHSM works with
+ temporary == true
+ sensitive == <do not specify>
+ extractable == <do not specify>
+ LunaSA2 works with
+ temporary == true
+ sensitive == true
+ extractable == true
+ */
 KeyPairGenerator kpGen = token.getKeyPairGenerator(kpAlg);
- // make it temporary so can work with HSM
- kpGen.temporaryPairs(true);
- kpGen.sensitivePairs(true);
- kpGen.extractablePairs(true);
+ IConfigStore config = CMS.getConfigStore();
+ IConfigStore kgConfig = config.getSubStore("kra.keygen");
+ boolean tp = false;
+ boolean sp = false;
+ boolean ep = false;
+ if (kgConfig != null) {
+ try {
+ tp = kgConfig.getBoolean("temporaryPairs", false);
+ sp = kgConfig.getBoolean("sensitivePairs", false);
+ ep = kgConfig.getBoolean("extractablePairs", false);
+ // by default, let nethsm work
+ if ((tp == false) && (sp == false) && (ep == false)) {
+ tp = true;
+ }
+ } catch (Exception e) {
+ CMS.debug("NetkeyKeygenService: kgConfig.getBoolean failed");
+ // by default, let nethsm work
+ tp = true;
+ }
+ } else {
+ // by default, let nethsm work
+ CMS.debug("NetkeyKeygenService: cannot find config store: kra.keygen, assume temporaryPairs==true");
+ tp = true;
+ }
+ /* only specified to "true" will it be set */
+ if (tp == true) {
+ CMS.debug("NetkeyKeygenService: setting temporaryPairs to true");
+ kpGen.temporaryPairs(true);
+ }
+ if (sp == true) {
+ CMS.debug("NetkeyKeygenService: setting sensitivePairs to true");
+ kpGen.sensitivePairs(true);
+ }
+ if (ep == true) {
+ CMS.debug("NetkeyKeygenService: setting extractablePairs to true");
+ kpGen.extractablePairs(true);
+ }
 if (kpAlg == KeyPairAlgorithm.DSA) {
 if (pqg == null) {
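Review bot: With no `kra.keygen` sub-store, or when all three values read false, only `temporaryPairs(true)` is applied, so the key pair is no longer explicitly requested as sensitive the way it was before this change; whether the token then defaults to a sensitive private key is not visible here and should be confirmed for each supported HSM. The `catch (Exception e)` branch falls back to the same default without reporting the cause, so a malformed `kra.keygen.sensitivePairs` value is silently ignored; logging it, e.g. `CMS.debug("NetkeyKeygenService: kgConfig.getBoolean failed: " + e.toString());`, would make that visible. A comment naming the three `kra.keygen.*` parameters and the fallback rule would also help operators who need the LunaSA2 settings. The enclosing method starts and ends outside the hunk.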
@@ -161,9 +206,11 @@ public class NetkeyKeygenService implements IService {
 }
 if (pqg == null) {
- KeyPair kp;
+ KeyPair kp = null;
 synchronized (new Object()) {
+ CMS.debug("NetkeyKeygenService: key pair generation begins");
 kp = kpGen.genKeyPair();
+ CMS.debug("NetkeyKeygenService: key pair generation done");
 mKRA.addEntropy(true);
 }
 return kp; |
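Review bot: The `synchronized (new Object())` block that the new debug lines sit in locks on an object no other thread can reach, so it does not serialise `kpGen.genKeyPair()` and `mKRA.addEntropy(true)` across concurrent requests. If serialising key generation on the token was the intent, a shared monitor is needed, e.g. a field `private static final Object KEYGEN_LOCK = new Object();` used as `synchronized (KEYGEN_LOCK) {`; otherwise the block can be removed. The `= null` initialiser on `kp` is unnecessary because it is assigned before the only read. The enclosing method starts outside the hunk.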